A few highlights worth noting if you’re wrangling updates today:
- CVE-2025-62215 – Windows Kernel EoP (CVSS 7.0). Local access + user interaction needed, but successful attacks can escalate privileges at the kernel level. Watch for suspicious driver installs or new admin accounts.
- CVE-2025-62220 – Windows Subsystem for Linux (WSL) GUI RCE (CVSS 8.8). Triggered through a crafted RDP file using the /plugin option. If users open a malicious file, an attacker could get remote code execution on the Windows host. Patch WSL and RDP components, and lock down plugin loading via Group Policy or Intune.
- CVE-2025-62222 – Visual Studio Code Copilot Chat RCE (CVSS 8.8). Improper command-line handling allows command injection through crafted prompts or updates. Make sure extensions come from trusted sources and keep workspace trust locked down.
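The first bullet says to watch for suspicious driver installs and new admin accounts after a kernel EoP. As an added example (not from the original post or from Automox), here is a small triage script that walks Windows event records and flags the three indicators that correspond to that advice: a kernel-mode driver install (System log event 7045), a new local account (Security event 4720), and a member added to BUILTIN\Administrators (Security event 4732, group SID S-1-5-32-544). The event records are constructed dicts in the shape of the EventData fields those events carry; the host names, account names and driver paths are made up for the demo.

```python
"""Triage Windows events for post-exploitation indicators that follow a kernel EoP:
kernel driver installs, new local accounts, and additions to the Administrators group."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Well-known Windows event IDs used below.
EVT_SERVICE_INSTALLED = 7045   # System log: a new service or driver was installed
EVT_ACCOUNT_CREATED = 4720     # Security log: a user account was created
EVT_LOCAL_GROUP_ADD = 4732     # Security log: member added to a security-enabled local group

ADMIN_GROUP_SIDS = {"S-1-5-32-544"}          # BUILTIN\Administrators (well-known SID)
KERNEL_DRIVER_TYPE = "kernel mode driver"    # ServiceType value written by event 7045
TRUSTED_DRIVER_DIR = r"c:\windows\system32\drivers"


@dataclass(frozen=True)
class Finding:
    host: str
    event_id: int
    severity: str   # "high" or "medium"
    reason: str


def inspect_event(ev: dict) -> Optional[Finding]:
    """Return a Finding if the event matches one of the watched indicators, else None."""
    eid = ev.get("EventID")
    host = ev.get("Host", "?")

    if eid == EVT_SERVICE_INSTALLED:
        if ev.get("ServiceType", "").lower() != KERNEL_DRIVER_TYPE:
            return None  # ordinary user-mode service; not in scope here
        path = ev.get("ImagePath", "")
        # A driver loaded from outside the system driver directory is the stronger signal.
        outside = not path.lower().replace("/", "\\").startswith(TRUSTED_DRIVER_DIR)
        return Finding(host, eid, "high" if outside else "medium",
                       f"kernel driver installed: {ev.get('ServiceName')} -> {path}")

    if eid == EVT_ACCOUNT_CREATED:
        return Finding(host, eid, "medium",
                       f"local account created: {ev.get('TargetUserName')} "
                       f"by {ev.get('SubjectUserName')}")

    if eid == EVT_LOCAL_GROUP_ADD:
        if ev.get("TargetSid") not in ADMIN_GROUP_SIDS:
            return None  # added to some other group (e.g. Users); not an admin grant
        return Finding(host, eid, "high",
                       f"{ev.get('MemberName')} added to {ev.get('TargetUserName')} "
                       f"by {ev.get('SubjectUserName')}")

    return None


def scan(events: Iterable[dict]) -> List[Finding]:
    """Run inspect_event over a stream of events and keep the hits."""
    return [f for f in (inspect_event(e) for e in events) if f is not None]


# Constructed sample events (hypothetical hosts, users and paths), shaped like the
# EventData fields of the real 7045 / 4720 / 4732 events.
SAMPLE_EVENTS = [
    {"EventID": 7045, "Host": "WS-017", "ServiceName": "hlpdrv", "ServiceType": "kernel mode driver",
     "ImagePath": r"C:\Users\Public\hlpdrv.sys", "StartType": "auto start"},
    {"EventID": 7045, "Host": "WS-017", "ServiceName": "UpdaterSvc", "ServiceType": "user mode service",
     "ImagePath": r"C:\Program Files\Vendor\updater.exe", "StartType": "auto start"},
    {"EventID": 4732, "Host": "WS-017", "SubjectUserName": "jdoe", "MemberName": "CONTOSO\\jdoe",
     "TargetUserName": "Administrators", "TargetSid": "S-1-5-32-544"},
    {"EventID": 4732, "Host": "WS-042", "SubjectUserName": "helpdesk", "MemberName": "CONTOSO\\newhire",
     "TargetUserName": "Users", "TargetSid": "S-1-5-32-545"},
    {"EventID": 4720, "Host": "WS-017", "SubjectUserName": "jdoe", "TargetUserName": "svc_backup"},
    {"EventID": 7045, "Host": "WS-042", "ServiceName": "vendornic", "ServiceType": "kernel mode driver",
     "ImagePath": r"C:\Windows\System32\drivers\vendornic.sys", "StartType": "boot start"},
]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity:6}] {f.host} evt {f.event_id}: {f.reason}")
```

In practice the same logic runs over events exported from the System and Security logs (for example via `wevtutil` or a SIEM query); the point of the severity split is that a kernel driver dropped under a user-writable path, or an admin-group change made by an ordinary user account, should page someone, while the in-place vendor driver install is just something to review.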
Each of these ties into broader trends we’ve been tracking, especially AI-integrated tools becoming new threat surfaces.
Full write-up + mitigation guidance in this month’s Patch Tuesday post on the Automox blog. You can also catch the Patch [FIX] Tuesday podcast if you prefer to listen instead of read.